The Board’s Role in Mitigating U.S. False Claims Act Risks
The U.S. False Claims Act (FCA) is an anti-fraud statute used to police the conduct of companies that accept federal funds or have payment obligations to the federal government. The government has been hugely successful in pursuing FCA cases, collecting $26.4 billion from 2009-2015, with $5.5 billion and $3.5 billion in 2014 and 2015, respectively. In light of these staggering figures, every company potentially subject to the FCA must be aware of and take steps to minimize its FCA compliance risk.
The FCA imposes liability on companies and individuals that submit “false claims” for payment to the government. Originally termed “Lincoln’s Law,” the FCA was enacted during the Civil War to bring to justice suppliers who sold fraudulent goods to the Union Army. Its modern incarnation has expanded beyond its defense contracting roots to become a leviathan statute with the ability to reach a vast number of companies and organizations.
The FCA imposes a broad spectrum of liability. “Claims” may be direct or indirect. In addition to a classic “claim”—i.e., an invoice for services rendered—the FCA also applies to, for example, pharmaceutical companies receiving funds through research grants and oil companies paying royalties. Indeed, any entity participating in a government program that provides funding, including Medicare, the Small Business Administration, or even the Federal Emergency Management Association, is subject to the FCA.
While a violation occurs only if the claim is “false,” falsity is a concept given wide latitudes under the FCA. A claim could be “false” if it incorrectly states the amount owed, mischaracterizes services rendered, or in at least some jurisdictions—even if the claim is entirely accurate on its face—the submitter was not in perfect compliance with an applicable contract term, statute, or regulation, and a plaintiff convinces a court that this lack of compliance could have affected the government’s decision to pay that claim.
Penalties for violating the FCA are severe, including triple damages and up to $11,000 penalties per false claim. These high penalties push this civil statute into the quasi-criminal realm. This means that in an industry where invoicing occurs based on discrete transactions, the penalties alone could be harsh even if the actual “false claim” is relatively small. FCA cases are also expensive to defend, and carry additional risks of reputational impact and even suspension or debarment from doing business with the government. Companies often choose to settle these cases for high amounts rather than risk an unfavorable verdict. In 2014, Countrywide Financial Corp. and Bank of America paid $1 billion to settle an FCA case, rather than litigate to measured damages and penalties.
The FCA is a bounty statute, allowing private citizens to bring suit on behalf of the government in exchange for a “bounty” for bringing the case to the government. The potential rewards for turning in a whistleblower create a strong incentive for current and former employees to run to the government with any perceived violations rather than reporting the concern to management. In 2015 alone, FCA whistleblowers received over $590 million.
There are some affirmative steps that a board can take to protect against FCA liability:
- Review the company’s business operations with management to identify “claims” subject to potential FCA enforcement and ensure that these actions are periodically reviewed to prevent and detect potential FCA violations;
- Maintain a publicized, anonymous and confidential fraud reporting hotline for employees and third parties;
- Investigate reports of fraud-related conduct through counsel to establish and maintain attorney-client privilege over the investigation;
- Ensure hotline reporters are informed about the company’s attention to their concerns, validating their efforts while only sharing non-privileged information so as to protect the privilege;
- Be aware of whistleblower protection laws, especially the FCA’s prohibition of retaliating against employees;
- Upon learning of potential FCA liability, consider whether the company has any obligation to report this to any government agency;
- Ensure that the company has a compliance professional and/or experienced FCA counsel who periodically assesses the company’s potential liability and advises the Board about this complex and evolving statute.
Tirzah Lollar is a partner and Kathleen Neace is an associate in the Washington, D.C. office of Vinson & Elkins LLP.